Skip to Content.
Sympa Menu

shibboleth-dev - SSL problem......

Subject: Shibboleth Developers

List archive

SSL problem......


Chronological Thread 
  • From:
  • To:
  • Subject: SSL problem......
  • Date: Tue, 13 Jul 2004 14:54:16 -0400

I'm bringing up a new Solaris machine; it has both a Shib origin + target.... I'm currently having an SSL problem when the SHAR contacts the AA......

I've configured the origin (origin.xml), apache 1.3 + mod_ssl (via httpd.conf), and the shar (via shibboleth.xml) to all use the same key + cert.... all stored in flat file PEM format. And I have mod_ssl using the ca-bundle file I downloaded from IQ. My cert is signed by bossie.

the shar log says this:

2004-07-13 13:58:06 ERROR SAML.SAMLSOAPBinding [8] session_is_valid preFetch populate getNewResponse send send: failed while contacting SAML responder: SSL read: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure, errno 0
2004-07-13 13:58:06 ERROR Shibboleth.ShibBinding [8] session_is_valid preFetch populate getNewResponse send: caught SAML exception during SAML attribute query: SAMLSOAPBinding::send() failed while contacting SAML responder: SSL read: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure, errno 0
2004-07-13 13:58:06 ERROR shibtarget::InternalCCacheEntry [8] session_is_valid preFetch populate getNewResponse: caught SAML exception during query to AA: ShibBinding::send() unable to successfully complete attribute query

and the ssl_engine log says this:

[13/Jul/2004 11:01:18 06387] [error] Re-negotiation handshake failed: Not accepted by client!?
[13/Jul/2004 11:01:18 06387] [error] SSL error on writing data (OpenSSL library error follows)
[13/Jul/2004 11:01:18 06387] [error] OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?]

suggestions?



Archive powered by MHonArc 2.6.16.

Top of Page